IMHO: Winbind in Samba4
Stefan (metze) Metzmacher
metze at samba.org
Sun Jan 9 12:33:39 GMT 2005
Gémes Géza wrote:
| Richard Sharpe wrote:
|> On Sun, 9 Jan 2005, Simo Sorce wrote:
|>>>> |>>Well, some NAS boxes will be like that. Probably the smaller
|>>>> |>>NAS boxes. However, larger NAS boxes are most likely to be a member
|>>>> |>Same thing, the NAS box will have a local SAM anyway, and may well
|>>>> |>consider its SAM + the DC SAM to be authoritative, and never require you
|>>>> |>to do the round-trip, but go directly to ask winbindd.
|>>>> | Ummm, we do not want a local SAM. All account and group information should
|>>>> | be in LDAP or NIS and the PDC's SAM.
|>>>> then just don't use it, there'll be only the builtin aliases and
|>>>> the local administrator
|>>>> and guest (disabled) by default.
|>>>> (just like a just installed windows member server)
|>>> Sure, I was just pointing out to Simo that there are many ways that
|>>> want to use these things.
|>> I know, people generally do not want to manage users on a NAS box, but
|>> NASes are just one of the targets of samba4.
|>> We need to be as compatible as we can, so we will implement all that is
|>> necessary and probably something more :-)
|> Ahhh, so we are in violent agreement then :-)
|> Richard Sharpe, rsharpe[at]richardsharpe.com, rsharpe[at]samba.org,
|> sharpe[at]ethereal.com, http://www.richardsharpe.com
| This is how I could imagine the Samba4 Winbind and *nix OS interaction
| (see attached ASCII graphic)
| With storing posix attributes in Samba4's LDAP server winbind's job is
| just to retrieve them, much like the nss_ldap does, the only difference
| being in doing a recursive search for group membership.
| Maybe better to get a ticket on behalf of the user, and lookup the SIDs
| obtained from the PAC, to get the uid and gids, and corresponding posix
Why do you want to have a difference between the cases if you have a samba4 dc or a ms dc?
I think we should handle both the same way.
And also winbind should export the local SAM(dsdb) accounts and groups dirrently from the database
Stefan Metzmacher <metze at samba.org> www.samba.org